To amend the Homeland Security Act of 2002 to enhance the information security of the Department of Homeland Security, and for other purposes.
Homeland Security Network Defense and Accountability Act of 2008 - Amends the Homeland Security Act of 2002 to direct the Secretary of the Department of Homeland Security (DHS) to delegate to the Department's Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of DHS policies, procedures, activities, funding, and systems relating to information management and information infrastructure.
Lists CIO qualifications (including at least five years of executive leadership and management experience in information technology and information security) and functions (including establishing an incident response team).
(Sec. 3) Directs the CIO to establish, oversee the deployment of, and regularly update security control testing protocols that ensure that DHS's information infrastructure is effectively protected against known attacks and exploitations of federal and contractor information infrastructure.
(Sec. 4) Requires the Inspector General to conduct performance and programmatic reviews of DHS's information infrastructure to determine the effectiveness of its security policies and controls. Requires programmatic reviews to: (1) determine whether a DHS component is complying with policies, processes, and procedures established by the CIO; and (2) focus on risk assessment, management, and mitigation, with primary regard to the implementation of best practices such as authentication, access control (including remote access), intrusion detection and prevention, and data protection and integrity. Directs the Inspector General to submit a security report on each review that includes prioritized recommendations for improving security controls, including recommendations regarding funding changes and personnel management, to the Secretary, CIO, and head of the DHS component. Requires: (1) the DHS component head and the CIO to jointly submit a corrective action report to the Secretary and the Inspector General; and (2) the Inspector General to submit an annual report to the House and Senate homeland security committees.
(Sec. 5) Defines "information infrastructure" under such Act as systems and assets used in processing, transmitting, receiving, or storing information electronically.
(Sec. 6) Requires the Secretary, before entering into or renewing a covered contract and acting through the CIO, to determine that the contractor has an internal information systems security policy that complies with DHS information security requirements. Sets forth contract requirements regarding security and subcontracting, including requiring the contractor to: (1) provide contracted services on a continuing basis to DHS in the event of an unplanned or disruptive event; (2) deliver timely notice of any internal computer incident that could violate or threaten computer security policies, acceptable use policies, or standard security practices at DHS to the U.S. Computer Emergency Readiness Team and the incident response team; and (3) develop and implement a plan for the award of subcontracts to small business and disadvantaged business concerns.
Directs the Secretary to report to the House Homeland Security Committee and the Senate Homeland Security and Governmental Affairs Committee on: (1) progress in implementing requirements issued by the Office of Management and Budget (OMB) for encryption, authentication, Internet Protocol version 6, and Trusted Internet Connections; (2) a plan to investigate breaches against DHS's information infrastructure for purposes of counterintelligence assessment, attribution, and response; (3) a proposal to increase threat information sharing with contractors and provide specialized damage assessment training to private sector information security professionals; and (4) a process to coordinate DHS's information infrastructure protection activities.
(Sec. 7) Provides that nothing in this Act shall affect the application of the Federal Information Management Security Act of 2002 to DHS.
Introduced in House
Sponsor introductory remarks on measure. (CR E842-843)
Referred to the House Committee on Homeland Security.
Committee Consideration and Mark-up Session Held.
Ordered to be Reported (Amended) by Voice Vote.
Reported (Amended) by the Committee on Homeland Security. H. Rept. 110-777.
Placed on the Union Calendar, Calendar No. 496.
Mr. Thompson (MS) moved to suspend the rules and pass the bill, as amended.
Considered under suspension of the rules. (consideration: CR H7176-7180)
DEBATE - The House proceeded with forty minutes of debate on H.R. 5983.
At the conclusion of debate, the chair put the question on the motion to suspend the rules. Mr. Bilirakis objected to the vote on the grounds that a quorum was not present. Further proceedings on the motion were postponed. The point of no quorum was withdrawn.
Considered as unfinished business. (consideration: CR H7596)
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR 7/29/2008 H7176-7178)
Motion to reconsider laid on the table Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.